Download presentation
Presentation is loading. Please wait.
Published byNeal Norman Modified over 9 years ago
1
TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis
2
Security Problems on Smartphones Old problems – Malware – Software bugs – Information leak – … New problems – How can attackers exploit sensors?
3
Sensors on Smartphones Privacy-sensitive sensors – Microphones – Cameras – GPS Are motion sensors privacy-sensitive? – Accelerometers – Gyroscopes
4
Traditional Keyloggers Intercepting key events – E.g., Trojan programs Using out of channels – Acoustic frequency signatures of keys – Timing between keystrokes – Electromagnetic emanations of keystrokes Work well on physical keyboards – But not on software keyboards
5
Keylogger for Soft Keyboard New out of band channel on smartphones – Accelerometers – Gyroscopes Insight: motion sensor data can infer keystrokes
6
Threat Model Keylogger can read motion sensor – Most users do NOT regard motion sensors as sensitive data source – W3C’s DeviceOrientation Event Specification allows web applications to read motion sensors via JavaScript supported by both Android 3.0 and iOS 4.2 User does NOT place phone on fixed surface
7
Modeling Typing-Induced Motion Shift is affected by – Striking force of the typing finger – Resistance force of the supporting hand Rotation is affected by – Landing location of the typing finger – Location of the supporting hand on the phone We observe – Shift is more likely user dependent – Rotation is more likely user independent
8
Device Orientation Device orientation event consists of – α: Device rotates along z-axis (perpendicular to the screen plane) – β: Device rotates along x-axis (parallel to the shorter side of screen) – γ: Device rotates along y-axis (parallel to the longer side of screen) We use only β and γ
9
Feature Extraction
11
Evaluation HTC Evo 4G smartphone Digits 0 … 9 on number-only soft keyboard
12
Results Collected 3 datasets – 2 smaller datasets for training – The largest dataset (449 keystrokes) for testing Correctly inferred 321 out of 449 (71.5%) keystrokes.
13
Detailed Inference Results
14
Training Set Size
15
Conclusion Motion sensors on smart phones may reveal keystrokes Need to protect motion sensors as diligently as other sensors
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.